Police in Biloxi, Mississippi received a disturbing report in the summer of 2011: someone using the e-mail address dalton.powers1@yahoo.com had been contacting young girls in the area through Facebook. "Dalton" said he was new to Biloxi and was looking for friends. When girls aged 9-16 responded, he struck up conversations. These led quickly to a question game in which he asked the girls about their bra sizes, sexual experiences, and bodily imperfections.

When girls responded, Dalton then demanded that they go further and send him topless images. If they did not, he would take the information provided by the girls themselves and send it to their parents, friends, and school officials. Numerous girls complied, though some could only bring themselves to pose in their underwear. Nearly every shot came from the cameras on the cell phones each girl owned.

Of course, a single picture wasn't enough. Dalton demanded that those in their underwear send him topless shots, that those already topless send him fully nude shots, and that those who had posed nude send him live webcam footage of sexual activity. Some girls, even very young ones, did so in order to avoid further embarrassment.

Parents complained to police after several girls revealed what had been happening. "They didn’t want to play his game anymore,” Biloxi police Detective Donnie Dobbs told a local paper recently.

Connecting Facebook accounts and e-mail addresses to an IP address is trivial; connecting those IP addresses to real-world Internet subscribers is no harder. So the Biloxi police had little difficulty tracing Dalton to a house on Melbourne Circle in Montgomery, Alabama.

The only problem: while IP address lookups may be accurate, they never identify people. And the family living in the house on Melbourne Circle certainly hadn't been conducting criminal extortion on Facebook. So what was going on?

At about the same time, police in Livingston Parish, Louisiana received similar reports from local families. This time, one "CJ Harper" was at work, using a similar scheme to obtain sexual photos. At least one 12-year old girl sent Harper a photo, while a 14-year old and 15-year old each performed "lewd and lascivious acts" for Harper though Skype.

Christopher Gunn mugshot

One of the contact e-mails for CJ Harper was dalton.powers1@yahoo.com; when police in Louisiana traced the IP addresses behind the account, they also resolved to Montgomery, Alabama. CJ Harper and Dalton Powers appeared to be the same person, but just who was that person? The IP address lookups this time didn't resolve to the house on Melbourne Circle but to another home on Worthing Road.

With reports like this rolling in from across state lines, the FBI took over the case. Special Agent Erik Doell visited the home on Worthing Road, hoping the owners could explain just how their IP address had come to be linked to the case. The home was owned by a couple who told Doell that they had been on a trip to the Dominican Republic at the time of the offenses. A house-sitter had been there instead, they said, a man named Graham Gunn.

Doell tracked down Gunn, who said that others had visited him during his stay on Worthing Road. One visitor was a friend who actually lived in the Melbourne Circle home that had been linked to the Biloxi case—so, case cracked? Not quite. One of Graham Gunn's relatives, Christopher, had also visited the Worthing Road house. The relative brought along a laptop, and had allegedly been quite secretive about his activities. Further discussion with the friend revealed that Christopher Gunn had also visited the home on Melbourne Circle and had used the Internet there from his own computer and from family computers.

And once it became clear that Christopher Gunn had a link with both houses in the case, he became the investigation's target. That's because Gunn had been raided by local police in Montgomery months earlier after suspicion that he had been running a similar extortion on local junior high school girls.

The Bieber Ruse

Back on April 7, 2011, an officer at Prattville Junior High School had notified his bosses about someone called "Tyler Mielke" who had been contacting local girls through Facebook and asking for nude pictures.

Cops drove out to the school and sat down with the girls and a guidance counselor. There the police learned that Tyler had run through the "new kid in town" scam with the same "what's your bra size?" questionnaire.

Tyler had gone to extra lengths to make his threats against the girls seem real, allegedly going so far as to call the girls using a spoofed phone number that appeared to be from the junior high school. On April 12, police in Montgomery called Facebook's Law Enforcement Hotline and obtained the IP addresses used to access Tyler's Facebook account. All were from Charter Communications, which informed police the addresses resolved to an apartment on Creek Drive in Montgomery.

On April 14, police executed a state search warrant on the apartment and found Christopher Gunn and his four computers, an external hard drive, and three flash drives. Scrubbing through the data on the computers, police claimed that Gunn had spent January to April searching Facebook for local female juveniles—and that he had contacted more than 250 of them in the Montgomery area alone under the Tyler Mielke name.

Remarkably, despite the search, Gunn allegedly continued his extortion, sort-of disguising his IP address by logging in from friends' homes and targeting girls who lived further away. (The FBI believes he engaged girls in Florida, North Carolina, Virginia, Pennsylvania, Michigan, and California.) In the end, investigators said that Gunn had used seven Facebook IDs. They also claimed that he switched tactics, eventually ditching his "new kid in town" routine to pretend that he was pop star Justin Bieber trying to meet young fans.

No, Justin Bieber is not contacting you on Skype

Not in my house

With the cases connected, Doell prepared to bring Gunn in. Doell obtained a federal search warrant and tracked the location of Gunn's phone. For one month, the phone spent most of its time in the apartment on Creek Drive. On March 20, 2012, the feds paid the place a visit.

Gunn and his mother were there, along with an Acer laptop and the cell phone that Doell had been tracking. A state computer investigator looked through the phone that same day and said he found "several images of young females posing topless in the mirror, as well as a photograph of a blonde female posing totally nude in the mirror." The FBI took the computer; its examiner also said he found similar images on the machine and in its Recycle Bin. He also turned up a much "harder" video of a prepubescent girl being penetrated by an adult male.

Gunn was arrested and charged with possessing child pornography. On April 13, his lawyer notified the judge that Gunn was prepared to change his plea from "not guilty" to "guilty." Two weeks later, the Grand Jury investigating the case returned with three counts of extortion and two counts of producing child pornography. The Grand Jury eventually found that Gunn's "New Kid Ruse" went all the way back to 2009, while the "Justin Bieber Ruse" ran only from November 2011 until just before his arrest. With far more charges and the possibility of a much tougher sentence, Gunn pled "not guilty." The case remains ongoing.

At least in this case, the government appeared to avoid the "kick down the door first and ask questions later" approach it has sometimes taken in past child porn investigations. An Associated Press article described one such raid last year, based on an IP address that turned out to lead to an innocent man:

Lying on his family-room floor with assault weapons trained on him, shouts of "pedophile!" and "pornographer!" stinging like his fresh cuts and bruises, the Buffalo homeowner didn't need long to figure out the reason for the early-morning wake-up call from a swarm of federal agents.

"We know who you are! You downloaded thousands of images at 11:30 last night," the man's lawyer, Barry Covert, recounted the agents saying. They referred to a screen name, "Doldrum."

"No, I didn't," the man insisted. "Somebody else could have but I didn't do anything like that."

Well—yes, it is a cautionary tale, but it's also a caution to police. Is banging on a door at 6am and then taking down a homeowner like he's some kind of Rambo-in-waiting really a great idea when he has no history of violence and your only real evidence is an IP address? Fortunately, Doell appears to have simply met and spoken with Graham Gunn and his friend in this case, rather than raiding two homes whose owners had nothing to do with the crimes in question.

But it should make homeowners think, and not just about running an open access point. In both homes in the Gunn case, the WiFi network may well have been locked down, but one has to exercise a bit of caution about providing access to others. When guests want your password, do you offer it reflexively? It feels inhospitable not to, and yet—whatever they do online could bring law enforcement or a private lawsuit to your door.

At least the police, after the unpleasantness with the handcuffs and the searching has ended, can be convinced you did nothing wrong. Law firms filing thousands of "John Doe" copyright lawsuits in an attempt to wring settlements out of people without a trial may see all such claims as mere excuses.

So the next time a guest asks for your network password, let them know about your personal "Acceptable Use Policy"—no child porn, no copyright infringement, no hacking, no spamming, and no crazy sextortion schemes. That guest bedroom has seen enough weird behavior as it is.

This dude is sick, and everyone like him is sick, but every time I read one of these types of stories, I expect to read "but he was using the TOR network" or something like that, I don't understand why these people go to such great lengths to extract lewd pictures, but don't use an anonymous IP address. If pirates can do it so they don't get caught downloading movies, which is a significantly less heinous act IMO, why don't creepy pedophiles do it?

This dude is sick, and everyone like him is sick, but every time I read one of these types of stories, I expect to read "but he was using the TOR network" or something like that, I don't understand why these people go to such great lengths to extract lewd pictures, but don't use an anonymous IP address. If pirates can do it so they don't get caught downloading movies, which is a significantly less heinous act IMO, why don't creepy pedophiles do it?

We are only catching the stupid ones. That is a small subset of the problem.

the next time a guest asks for your network password, let them know about your personal "Acceptable Use Policy"—no child porn, no copyright infringement, no hacking, no spamming, and no crazy sextortion schemes.

I say tell them that, and then let them know their traffic is going through a proxy and will be logged. Even if it isn't, that would probably make most people keep their act clean.

Sigh, what I'll never understand: Why are people fine with sending "compromising" pictures/information/whatever to complete strangers on the net, that they wouldn't want anyone in their social life to see?

In case of the really young children that's clearly a serious mistake on part of the parents (yeah you don't let your 9year old kid alone on the internet for extended periods of time), but I'd certainly expect more common sense from 14-16year olds.

Other than that I'm also always amazed by the stupidity of the culprits - I fear the lack of news on any people with even the slightest idea what they're doing means we're only seeing the tip of the iceberg and anyone with the IQ over stale bread gets away with it..

I've been nervous about this for a while. I occasionally rent rooms out to friends or co-workers and I worry that they'll do something that will get the RIAA/MPAA or police involved. I mean, I have no reason to suspect any of them, but thast just it: These things are usually dark secrets that their friends and family are not aware of.

Realistic suggestions from anyone that are not massive technical challenges for myself or my renters/guests?

This guy is the perfect example of why we should bring back public execution. Stoning preferably.

Secondly never let guest on to your wireless networks. I rotate all my network names and passwords every 30 days and use MAC authentication, no SSID broacast and all traffic does go through my old P4 running NetBSD. No one is going to blame me for shit even if they do get it.

Sigh, what I'll never understand: Why are people fine with sending "compromising" pictures/information/whatever to complete strangers on the net, that they wouldn't want anyone in their social life to see?

Because most parents don't understand the internet, and thus don't explain it to their kids very well.

We have a fucking magic box that sends data across the world now, and everyone is using it without any training. It is like handing kids the social equivalent of dynamite and matches and telling them to go have fun because you have no clue what either does.

I've been nervous about this for a while. I occasionally rent rooms out to friends or co-workers and I worry that they'll do something that will get the RIAA/MPAA or police involved. I mean, I have no reason to suspect any of them, but thast just it: These things are usually dark secrets that their friends and family are not aware of.

Realistic suggestions from anyone that are not massive technical challenges for myself or my renters/guests?

Get a second internet line for guests to use (maybe a basic 768kbps DSL line.) You'd still have to convince the cops that it wasn't you using it, but it's an extra layer of deniability.

Otherwise, guest wifi access network and only allow http requests on port 80 with opendns filtering cranked to the max. You're friends/coworkers are OK with only visiting pbskids.org, right?

Secondly never let guest on to your wireless networks. I rotate all my network names and passwords every 30 days and use MAC authentication, no SSID broacast and all traffic does go through my old P4 running NetBSD. No one is going to blame me for shit even if they do get it.

Security through obscurity I see. Well apart from the "never let guests onto your wireless network" which probably doesn't make you especially liked by your visitors, but I can see the point. Though I'd think just logging the data would be a middleground.

Major General Thanatos wrote:

Because most parents don't understand the internet, and thus don't explain it to their kids very well.

Sure and clearly for the younger girls there, that's a parenting issue, no doubt. But for 14+ year olds? I mean when I was 14, facebook and co didn't exist, but we did have this nice thing called IRC [1] and I'm pretty sure I wouldn't have been so stupid as to send naked pictures of myself or something to a stranger I just happened to meet in some channel half an hour ago (or maybe I'm seeing this all through rose colored glasses, the good ole' time, boy I hope not). But I really can't remember these things happening as such a regularity as in the last few years now. Seems to me that facebook and co with their "share everything" mentality are at least partially at fault there.

[1] Considering that IRC was apparently appeared 1988, that's probably true for a large part of the visitors here.

Im more surprised at some of these kids in the article. Awhile back ago there was a guy acting like Justin Bieber when i saw his picture, he looked nothing like the kid.. especially age. How can some of these younger girls not recognize how the real Justin Bieber looks like?

Sigh, what I'll never understand: Why are people fine with sending "compromising" pictures/information/whatever to complete strangers on the net, that they wouldn't want anyone in their social life to see?

Why? Because it's exciting. Sure, it's risky, but that's part of the appeal.

To that point, parents / schools need to teach kids about Internet safety and perhaps schools should cover "sexting" in Sex Ed classes. Based on what I've heard from teachers and recent high school grads, I wouldn't be surprised if as many as several million kids (age 12-17) have shared racy photos or video chats in the last 4 years and many of those kids had their private photos & vids exposed by boyfriends / girlfriends, not strangers.

Secondly never let guest on to your wireless networks. I rotate all my network names and passwords every 30 days and use MAC authentication, no SSID broacast and all traffic does go through my old P4 running NetBSD. No one is going to blame me for shit even if they do get it.

Security through obscurity I see. Well apart from the "never let guests onto your wireless network" which probably doesn't make you especially liked by your visitors, but I can see the point. Though I'd think just logging the data would be a middleground.

Major General Thanatos wrote:

Because most parents don't understand the internet, and thus don't explain it to their kids very well.

Sure and clearly for the younger girls there, that's a parenting issue, no doubt. But for 14+ year olds? I mean when I was 14, facebook and co didn't exist, but we did have this nice thing called IRC [1] and I'm pretty sure I wouldn't have been so stupid as to send naked pictures of myself or something to a stranger I just happened to meet in some channel half an hour ago (or maybe I'm seeing this all through rose colored glasses, the good ole' time, boy I hope not). But I really can't remember these things happening as such a regularity as in the last few years now. Seems to me that facebook and co with their "share everything" mentality are at least partially at fault there.

[1] Considering that IRC was apparently appeared 1988, that's probably true for a large part of the visitors here.

Ah yes, IRC. Logging onto there with anything female sounding was a recipe for getting inundated with queries. And given recent news reports about female MMO characters and console voice chats, nothing has improved since. Not sure if it means that humanity is slipping, or if the net just helps expose what has always been out there (tho the appearance of .anonymity is likely not helping).

Sigh, what I'll never understand: Why are people fine with sending "compromising" pictures/information/whatever to complete strangers on the net, that they wouldn't want anyone in their social life to see?

In case of the really young children that's clearly a serious mistake on part of the parents (yeah you don't let your 9year old kid alone on the internet for extended periods of time), but I'd certainly expect more common sense from 14-16year olds.

This is a direct product of the influence of liberalism and the glorification of sexual activity at young ages. What the hell else did people expect would result from bombarding kids with the idea that sex is no big deal? If sex is no big deal, how the hell do you expect them to consider simple nudity something to be avoided?

This dude is sick, and everyone like him is sick, but every time I read one of these types of stories, I expect to read "but he was using the TOR network" or something like that, I don't understand why these people go to such great lengths to extract lewd pictures, but don't use an anonymous IP address. If pirates can do it so they don't get caught downloading movies, which is a significantly less heinous act IMO, why don't creepy pedophiles do it?

They have to be mentally retarded ( at least in some way).Most of them will not have the brain to use that would know to use TOR & other IT Stuff as well to at least try and hide yourself.Once they truly know these creeps are guilty they ought to just release them into Gen.Pop. in the Prison.Inmates will take care of the rest.

edit: and what's with all the child porn stories on ars lately? Isn't one enough to convince us that some people are bad?

Well, convincing you people are "bad" is not the point--there are -tons- of these stories, but I'm interested in ones that make some kind of interesting point. In this case, what caught my attention was the way this guy's alleged actions initially implicated two innocent families, and what that means in a world where IP address lookups are a common tool to obtain search warrants.

edit: and what's with all the child porn stories on ars lately? Isn't one enough to convince us that some people are bad?

Well, convincing you people are "bad" is not the point--there are -tons- of these stories, but I'm interested in ones that make some kind of interesting point. In this case, what caught my attention was the way this guy's alleged actions initially implicated two innocent families, and what that means in a world where IP address lookups are a common tool to obtain search warrants.

Heh, time for another "banana"?

Edit: tho it brings to question what the focus of the article was, the sextortion or the limitations on IP addresses as a identifier.

From what I could read in the documentation, I can set up a guest network. So far so good. It seems that if I want filtering I have to install a "Parent Guard" program. It seems this program would work on both the guest and non-guest network. There is a work around, you can load a program on a computer that when a password is provided visits a website you have an account on and then "unlocks" that computers. I don't see how to lock down the visitor network without installing this program across both networks and thus loading the "Get out of jail free" program on certain computers. Plus the filtering program is not going to be perfect.

I would appreciate any links or information on how to lock down the guest network without also locking down the primary network. I would appreciate any information on how to lock down the guest network so it does not allow bittorrent like programs to download stuff.

This is a direct product of the influence of liberalism and the glorification of sexual activity at young ages. What the hell else did people expect would result from bombarding kids with the idea that sex is no big deal? If sex is no big deal, how the hell do you expect them to consider simple nudity something to be avoided?

I've so far seen not a single source showing some connection there between more countries with a more open attitude towards sex and say the US. So that hypothesis seems not well supported I fear.

While this is horrible, and I'm glad the people involved are getting prosecuted there are far worse things to worry about. Like getting enough exercise, since the #1 killer is heart attacks, followed by car accidents.

The chances of getting caught up in something like this is probably worse than winning the lottery.

It's nice to see that so many girls came forward. There's a lot of talk here about how stupid the girls were and what a shocking reflection this is on society. Teenagers are naive and impressionable, especially when it comes to sex. It's unrealistic to hope that we can control these sorts of situations simply by creating a generation of universally super-savvy kids, and scaring them silly about the dangers of strangers and of sex may have all sorts of negative side-effects.

At least here, there were plenty of girls who were confident enough to defeat this creep, even after they'd (literally) exposed themselves. I think that's the most we can hope for from the children. In return, society owes it to them to take their reports seriously and to deal with the offenders swiftly and strongly.

edit: and what's with all the child porn stories on ars lately? Isn't one enough to convince us that some people are bad?

Well, convincing you people are "bad" is not the point--there are -tons- of these stories, but I'm interested in ones that make some kind of interesting point. In this case, what caught my attention was the way this guy's alleged actions initially implicated two innocent families, and what that means in a world where IP address lookups are a common tool to obtain search warrants.

I thought the more important point to your story is that some police are now using those timeless techniques of 'real' police work to get as much information as possible to request a search warrant. IPs as identifiers for suspects on warrants should never be allowed. The police need more to save taxpayer money on lawsuits for 4th Amendment violations.

I wonder though, how police would have reacted if the innocent families had lawyered up when police came by to investigate. After all, open WiFi is clearly reasonable doubt in any criminal prosecution for someone doing something illegal over your router.

Sigh, what I'll never understand: Why are people fine with sending "compromising" pictures/information/whatever to complete strangers on the net, that they wouldn't want anyone in their social life to see?

In case of the really young children that's clearly a serious mistake on part of the parents (yeah you don't let your 9year old kid alone on the internet for extended periods of time), but I'd certainly expect more common sense from 14-16year olds.

This is a direct product of the influence of liberalism and the glorification of sexual activity at young ages. What the hell else did people expect would result from bombarding kids with the idea that sex is no big deal? If sex is no big deal, how the hell do you expect them to consider simple nudity something to be avoided?

You do know that the more 'conservative' and 'christian' a state is, the lower the average age of lost virginity, right? I'm not claiming that conservatives have sex younger, only that your premise is flawed.

I've been nervous about this for a while. I occasionally rent rooms out to friends or co-workers and I worry that they'll do something that will get the RIAA/MPAA or police involved. I mean, I have no reason to suspect any of them, but thast just it: These things are usually dark secrets that their friends and family are not aware of.

Realistic suggestions from anyone that are not massive technical challenges for myself or my renters/guests?

edit: and what's with all the child porn stories on ars lately? Isn't one enough to convince us that some people are bad?

Yeah, it's getting a little overwhelming. Kind of ruins your day so I'm probably going to skip the one they post tomorrow.

Oh, And I'm waiting for the child porn article where the culprit reads an article on Ars then changed their behavior and was harder to catch. Causing more children to be victimized.

Nevermind that, like Nate states, the stories posted here regarding this subject have a point besides what you only allow yourself to see in them. Also, by all means keep on ignoring subject like this: security through obscurity and sweeping things under the carpet have indeed always worked wonderfully towards prevention and eradication of negative issues.

-- Many people know that WEP security on Wi-Fi is easily broken, but very few know that WPA-- and even WPA2 secured networks are also at risk. With the release of a publically available -- open source tool called Reaver, now almost anyone can crack most WPA and WPA2 networks.-- In short, a huge percentage of Wi-Fi networks can be broken.